From a46d0ffb83885068b93d9d7cc19ecf159ec802ba Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sun, 20 May 2018 09:20:15 -0700 Subject: [PATCH] transmission: Update to 2.94 Mainly a bugfix for XSS. Patches have been refreshed. Added an upstream fix for TLS verification. Now enabled by default. Signed-off-by: Rosen Penev --- net/transmission/Makefile | 8 +- net/transmission/files/transmission.init | 1 - .../patches/010-add-mbedtls-support.patch | 430 ------------------ ...ort-test.patch => 010-fix-port-test.patch} | 0 .../patches/020-fix-external-miniupnpc.patch | 35 -- ...-fix-safari.patch => 020-fix-safari.patch} | 0 .../patches/030-fix-dht-memory-leak.patch | 31 ++ net/transmission/patches/040-fix-curl.patch | 29 ++ ...tcheck.patch => 050-https-portcheck.patch} | 10 +- .../patches/060-fix-tls-verify.patch | 28 ++ 10 files changed, 97 insertions(+), 475 deletions(-) delete mode 100644 net/transmission/patches/010-add-mbedtls-support.patch rename net/transmission/patches/{030-fix-port-test.patch => 010-fix-port-test.patch} (100%) delete mode 100644 net/transmission/patches/020-fix-external-miniupnpc.patch rename net/transmission/patches/{050-fix-safari.patch => 020-fix-safari.patch} (100%) create mode 100644 net/transmission/patches/030-fix-dht-memory-leak.patch create mode 100644 net/transmission/patches/040-fix-curl.patch rename net/transmission/patches/{040-https-portcheck.patch => 050-https-portcheck.patch} (79%) create mode 100644 net/transmission/patches/060-fix-tls-verify.patch diff --git a/net/transmission/Makefile b/net/transmission/Makefile index f351f3ae9..7e05f75e9 100644 --- a/net/transmission/Makefile +++ b/net/transmission/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=transmission -PKG_VERSION:=2.93 -PKG_RELEASE:=7 +PKG_VERSION:=2.94 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@GITHUB/transmission/transmission-releases/master -PKG_HASH:=8815920e0a4499bcdadbbe89a4115092dab42ce5199f71ff9a926cfd12b9b90b +PKG_HASH:=35442cc849f91f8df982c3d0d479d650c6ca19310a994eccdaa79a4af3916b7d PKG_MAINTAINER:=Rosen Penev PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) @@ -32,7 +32,7 @@ define Package/transmission/template CATEGORY:=Network TITLE:=BitTorrent client URL:=http://www.transmissionbt.com - DEPENDS:=+ca-bundle +libcurl +libevent2 +libminiupnpc +libnatpmp +libpthread +librt +zlib + DEPENDS:=+libcurl +libevent2 +libminiupnpc +libnatpmp +libpthread +librt +zlib endef define Package/transmission-daemon/Default diff --git a/net/transmission/files/transmission.init b/net/transmission/files/transmission.init index 787bafb07..c7593ac1d 100644 --- a/net/transmission/files/transmission.init +++ b/net/transmission/files/transmission.init @@ -111,7 +111,6 @@ transmission() { cmdline="transmission-daemon -g $config_dir -f" procd_open_instance procd_set_param command $cmdline - procd_set_param env CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt procd_set_param user $user procd_set_param group $group procd_set_param nice $nice diff --git a/net/transmission/patches/010-add-mbedtls-support.patch b/net/transmission/patches/010-add-mbedtls-support.patch deleted file mode 100644 index 3e67b30e7..000000000 --- a/net/transmission/patches/010-add-mbedtls-support.patch +++ /dev/null @@ -1,430 +0,0 @@ -From bad7f584eb11076ae37fd51cdb21842935c6ea57 Mon Sep 17 00:00:00 2001 -From: Mike Gelfand -Date: Wed, 26 Oct 2016 20:37:10 +0300 -Subject: [PATCH] Add support for mbedtls (formely polarssl) - ---- - cmake/FindPolarSSL.cmake | 37 +++++++---- - configure.ac | 28 ++++---- - libtransmission/CMakeLists.txt | 4 ++ - libtransmission/Makefile.am | 3 + - libtransmission/crypto-utils-polarssl.c | 112 +++++++++++++++++++------------- - 5 files changed, 115 insertions(+), 69 deletions(-) - -diff --git a/cmake/FindPolarSSL.cmake b/cmake/FindPolarSSL.cmake -index 0a958e0..e4e1ac6 100644 ---- a/cmake/FindPolarSSL.cmake -+++ b/cmake/FindPolarSSL.cmake -@@ -8,21 +8,36 @@ if(POLARSSL_PREFER_STATIC_LIB) - endif() - - if(UNIX) -- find_package(PkgConfig QUIET) -- pkg_check_modules(_POLARSSL QUIET polarssl) -+ find_package(PkgConfig QUIET) -+ pkg_check_modules(_MBEDTLS QUIET mbedtls) - endif() - --find_path(POLARSSL_INCLUDE_DIR NAMES polarssl/version.h HINTS ${_POLARSSL_INCLUDEDIR}) --find_library(POLARSSL_LIBRARY NAMES polarssl HINTS ${_POLARSSL_LIBDIR}) -+find_path(MBEDTLS_INCLUDE_DIR NAMES mbedtls/version.h HINTS ${_MBEDTLS_INCLUDEDIR}) -+find_library(MBEDTLS_LIBRARY NAMES mbedtls HINTS ${_MBEDTLS_LIBDIR}) -+if(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY) -+ set(POLARSSL_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR}) -+ set(POLARSSL_LIBRARY ${MBEDTLS_LIBRARY}) -+ set(POLARSSL_VERSION ${_MBEDTLS_VERSION}) -+ set(POLARSSL_IS_MBEDTLS ON) -+else() -+ if(UNIX) -+ pkg_check_modules(_POLARSSL QUIET polarssl) -+ endif() -+ -+ find_path(POLARSSL_INCLUDE_DIR NAMES polarssl/version.h HINTS ${_POLARSSL_INCLUDEDIR}) -+ find_library(POLARSSL_LIBRARY NAMES polarssl HINTS ${_POLARSSL_LIBDIR}) -+ set(POLARSSL_VERSION ${_POLARSSL_VERSION}) -+ set(POLARSSL_IS_MBEDTLS OFF) -+endif() - --if(POLARSSL_INCLUDE_DIR) -- if(_POLARSSL_VERSION) -- set(POLARSSL_VERSION ${_POLARSSL_VERSION}) -+if(NOT POLARSSL_VERSION AND POLARSSL_INCLUDE_DIR) -+ if(POLARSSL_IS_MBEDTLS) -+ file(STRINGS "${POLARSSL_INCLUDE_DIR}/mbedtls/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[^\"]+\"") - else() - file(STRINGS "${POLARSSL_INCLUDE_DIR}/polarssl/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+POLARSSL_VERSION_STRING[\t ]+\"[^\"]+\"") -- if(POLARSSL_VERSION_STR MATCHES "\"([^\"]+)\"") -- set(POLARSSL_VERSION "${CMAKE_MATCH_1}") -- endif() -+ endif() -+ if(POLARSSL_VERSION_STR MATCHES "\"([^\"]+)\"") -+ set(POLARSSL_VERSION "${CMAKE_MATCH_1}") - endif() - endif() - -@@ -39,7 +54,7 @@ find_package_handle_standard_args(PolarSSL - POLARSSL_VERSION - ) - --mark_as_advanced(POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY) -+mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY) - - if(POLARSSL_PREFER_STATIC_LIB) - set(CMAKE_FIND_LIBRARY_SUFFIXES ${POLARSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES}) -diff --git a/configure.ac b/configure.ac -index aff673b..cb026df 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -149,23 +149,26 @@ AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xcyassl"], [ - ) - ]) - AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xpolarssl"], [ -- AC_CHECK_HEADER([polarssl/version.h], -- [AC_EGREP_CPP([version_ok], [#include -- #if defined (POLARSSL_VERSION_NUMBER) && POLARSSL_VERSION_NUMBER >= $POLARSSL_MINIMUM -- version_ok -- #endif], -- [AC_CHECK_LIB([polarssl], [dhm_calc_secret], -- [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS=""; CRYPTO_LIBS="-lpolarssl"], -+ PKG_CHECK_MODULES(MBEDTLS, [mbedtls >= $POLARSSL_MINIMUM], -+ [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS="$MBEDTLS_CFLAGS"; CRYPTO_LIBS="$MBEDTLS_LIBS"; POLARSSL_IS_MBEDTLS=yes], -+ [AC_CHECK_HEADER([polarssl/version.h], -+ [AC_EGREP_CPP([version_ok], [#include -+ #if defined (POLARSSL_VERSION_NUMBER) && POLARSSL_VERSION_NUMBER >= $POLARSSL_MINIMUM -+ version_ok -+ #endif], -+ [AC_CHECK_LIB([polarssl], [dhm_calc_secret], -+ [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS=""; CRYPTO_LIBS="-lpolarssl"], -+ [AS_IF([test "x$want_crypto" = "xpolarssl"], -+ [AC_MSG_ERROR([PolarSSL support requested, but library not found.])] -+ )] -+ )], - [AS_IF([test "x$want_crypto" = "xpolarssl"], -- [AC_MSG_ERROR([PolarSSL support requested, but library not found.])] -+ [AC_MSG_ERROR([PolarSSL support requested, but version not suitable.])] - )] - )], - [AS_IF([test "x$want_crypto" = "xpolarssl"], -- [AC_MSG_ERROR([PolarSSL support requested, but version not suitable.])] -+ [AC_MSG_ERROR([PolarSSL support requested, but headers not found.])] - )] -- )], -- [AS_IF([test "x$want_crypto" = "xpolarssl"], -- [AC_MSG_ERROR([PolarSSL support requested, but headers not found.])] - )] - ) - ]) -@@ -180,6 +183,7 @@ AS_IF([test "x$CRYPTO_PKG" = "x"], [ - AM_CONDITIONAL([CRYPTO_USE_OPENSSL],[test "x$CRYPTO_PKG" = "xopenssl"]) - AM_CONDITIONAL([CRYPTO_USE_CYASSL],[test "x$CRYPTO_PKG" = "xcyassl"]) - AM_CONDITIONAL([CRYPTO_USE_POLARSSL],[test "x$CRYPTO_PKG" = "xpolarssl"]) -+AM_CONDITIONAL([POLARSSL_IS_MBEDTLS],[test "x$POLARSSL_IS_MBEDTLS" = "xyes"]) - AC_SUBST(CRYPTO_PKG) - AC_SUBST(CRYPTO_CFLAGS) - AC_SUBST(CRYPTO_LIBS) -diff --git a/libtransmission/CMakeLists.txt b/libtransmission/CMakeLists.txt -index 4865dee..b5230b9 100644 ---- a/libtransmission/CMakeLists.txt -+++ b/libtransmission/CMakeLists.txt -@@ -194,6 +194,10 @@ if(USE_SYSTEM_B64) - add_definitions(-DUSE_SYSTEM_B64) - endif() - -+if(POLARSSL_IS_MBEDTLS) -+ add_definitions(-DPOLARSSL_IS_MBEDTLS) -+endif() -+ - include_directories( - ${PROJECT_SOURCE_DIR} - ${PROJECT_BINARY_DIR} -diff --git a/libtransmission/Makefile.am b/libtransmission/Makefile.am -index f91769a..4d7e85a 100644 ---- a/libtransmission/Makefile.am -+++ b/libtransmission/Makefile.am -@@ -102,6 +102,9 @@ libtransmission_a_SOURCES += crypto-utils-cyassl.c - endif - if CRYPTO_USE_POLARSSL - libtransmission_a_SOURCES += crypto-utils-polarssl.c -+if POLARSSL_IS_MBEDTLS -+AM_CPPFLAGS += -DPOLARSSL_IS_MBEDTLS -+endif - endif - - noinst_HEADERS = \ -diff --git a/libtransmission/crypto-utils-polarssl.c b/libtransmission/crypto-utils-polarssl.c -index 1c59a7f..e98c13d 100644 ---- a/libtransmission/crypto-utils-polarssl.c -+++ b/libtransmission/crypto-utils-polarssl.c -@@ -1,5 +1,5 @@ - /* -- * This file Copyright (C) 2014-2015 Mnemosyne LLC -+ * This file Copyright (C) 2014-2016 Mnemosyne LLC - * - * It may be used under the GNU GPL versions 2 or 3 - * or any future license endorsed by Mnemosyne LLC. -@@ -7,15 +7,25 @@ - * $Id$ - */ - -+#if defined (POLARSSL_IS_MBEDTLS) -+ #define API_HEADER(x) -+ #define API(x) mbedtls_##x -+ #define API_VERSION_NUMBER MBEDTLS_VERSION_NUMBER -+#else -+ #define API_HEADER(x) -+ #define API(x) x -+ #define API_VERSION_NUMBER POLARSSL_VERSION_NUMBER -+#endif -+ - #include - --#include --#include --#include --#include --#include --#include --#include -+#include API_HEADER (arc4.h) -+#include API_HEADER (base64.h) -+#include API_HEADER (ctr_drbg.h) -+#include API_HEADER (dhm.h) -+#include API_HEADER (error.h) -+#include API_HEADER (sha1.h) -+#include API_HEADER (version.h) - - #include "transmission.h" - #include "crypto-utils.h" -@@ -41,7 +51,9 @@ log_polarssl_error (int error_code, - { - char error_message[256]; - --#if POLARSSL_VERSION_NUMBER >= 0x01030000 -+#if defined (POLARSSL_IS_MBEDTLS) -+ mbedtls_strerror (error_code, error_message, sizeof (error_message)); -+#elif API_VERSION_NUMBER >= 0x01030000 - polarssl_strerror (error_code, error_message, sizeof (error_message)); - #else - error_strerror (error_code, error_message, sizeof (error_message)); -@@ -51,7 +63,7 @@ log_polarssl_error (int error_code, - } - } - --#define log_error(error_code) log_polarssl_error(error_code, __FILE__, __LINE__) -+#define log_error(error_code) log_polarssl_error ((error_code), __FILE__, __LINE__) - - static bool - check_polarssl_result (int result, -@@ -83,15 +95,20 @@ my_rand (void * context UNUSED, unsigned char * buffer, size_t buffer_size) - return 0; - } - --static ctr_drbg_context * -+static API (ctr_drbg_context) * - get_rng (void) - { -- static ctr_drbg_context rng; -+ static API (ctr_drbg_context) rng; - static bool rng_initialized = false; - - if (!rng_initialized) - { -- if (!check_result (ctr_drbg_init (&rng, &my_rand, NULL, NULL, 0))) -+#if API_VERSION_NUMBER >= 0x02000000 -+ API (ctr_drbg_init) (&rng); -+ if (!check_result (API (ctr_drbg_seed) (&rng, &my_rand, NULL, NULL, 0))) -+#else -+ if (!check_result (API (ctr_drbg_init) (&rng, &my_rand, NULL, NULL, 0))) -+#endif - return NULL; - rng_initialized = true; - } -@@ -117,13 +134,13 @@ get_rng_lock (void) - tr_sha1_ctx_t - tr_sha1_init (void) - { -- sha1_context * handle = tr_new0 (sha1_context, 1); -+ API (sha1_context) * handle = tr_new0 (API (sha1_context), 1); - --#if POLARSSL_VERSION_NUMBER >= 0x01030800 -- sha1_init (handle); -+#if API_VERSION_NUMBER >= 0x01030800 -+ API (sha1_init) (handle); - #endif - -- sha1_starts (handle); -+ API (sha1_starts) (handle); - return handle; - } - -@@ -139,7 +156,7 @@ tr_sha1_update (tr_sha1_ctx_t handle, - - assert (data != NULL); - -- sha1_update (handle, data, data_length); -+ API (sha1_update) (handle, data, data_length); - return true; - } - -@@ -151,11 +168,11 @@ tr_sha1_final (tr_sha1_ctx_t handle, - { - assert (handle != NULL); - -- sha1_finish (handle, hash); -+ API (sha1_finish) (handle, hash); - } - --#if POLARSSL_VERSION_NUMBER >= 0x01030800 -- sha1_free (handle); -+#if API_VERSION_NUMBER >= 0x01030800 -+ API (sha1_free) (handle); - #endif - - tr_free (handle); -@@ -169,10 +186,10 @@ tr_sha1_final (tr_sha1_ctx_t handle, - tr_rc4_ctx_t - tr_rc4_new (void) - { -- arc4_context * handle = tr_new0 (arc4_context, 1); -+ API (arc4_context) * handle = tr_new0 (API (arc4_context), 1); - --#if POLARSSL_VERSION_NUMBER >= 0x01030800 -- arc4_init (handle); -+#if API_VERSION_NUMBER >= 0x01030800 -+ API (arc4_init) (handle); - #endif - - return handle; -@@ -181,8 +198,8 @@ tr_rc4_new (void) - void - tr_rc4_free (tr_rc4_ctx_t handle) - { --#if POLARSSL_VERSION_NUMBER >= 0x01030800 -- arc4_free (handle); -+#if API_VERSION_NUMBER >= 0x01030800 -+ API (arc4_free) (handle); - #endif - - tr_free (handle); -@@ -196,7 +213,7 @@ tr_rc4_set_key (tr_rc4_ctx_t handle, - assert (handle != NULL); - assert (key != NULL); - -- arc4_setup (handle, key, key_length); -+ API (arc4_setup) (handle, key, key_length); - } - - void -@@ -213,7 +230,7 @@ tr_rc4_process (tr_rc4_ctx_t handle, - assert (input != NULL); - assert (output != NULL); - -- arc4_crypt (handle, length, input, output); -+ API (arc4_crypt) (handle, length, input, output); - } - - /*** -@@ -226,19 +243,19 @@ tr_dh_new (const uint8_t * prime_num, - const uint8_t * generator_num, - size_t generator_num_length) - { -- dhm_context * handle = tr_new0 (dhm_context, 1); -+ API (dhm_context) * handle = tr_new0 (API (dhm_context), 1); - - assert (prime_num != NULL); - assert (generator_num != NULL); - --#if POLARSSL_VERSION_NUMBER >= 0x01030800 -- dhm_init (handle); -+#if API_VERSION_NUMBER >= 0x01030800 -+ API (dhm_init) (handle); - #endif - -- if (!check_result (mpi_read_binary (&handle->P, prime_num, prime_num_length)) || -- !check_result (mpi_read_binary (&handle->G, generator_num, generator_num_length))) -+ if (!check_result (API (mpi_read_binary) (&handle->P, prime_num, prime_num_length)) || -+ !check_result (API (mpi_read_binary) (&handle->G, generator_num, generator_num_length))) - { -- dhm_free (handle); -+ API (dhm_free) (handle); - return NULL; - } - -@@ -253,7 +270,7 @@ tr_dh_free (tr_dh_ctx_t handle) - if (handle == NULL) - return; - -- dhm_free (handle); -+ API (dhm_free) (handle); - } - - bool -@@ -262,7 +279,7 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle, - uint8_t * public_key, - size_t * public_key_length) - { -- dhm_context * handle = raw_handle; -+ API (dhm_context) * handle = raw_handle; - - assert (handle != NULL); - assert (public_key != NULL); -@@ -270,8 +287,8 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle, - if (public_key_length != NULL) - *public_key_length = handle->len; - -- return check_result (dhm_make_public (handle, private_key_length, public_key, -- handle->len, my_rand, NULL)); -+ return check_result (API (dhm_make_public) (handle, private_key_length, public_key, -+ handle->len, my_rand, NULL)); - } - - tr_dh_secret_t -@@ -279,26 +296,29 @@ tr_dh_agree (tr_dh_ctx_t raw_handle, - const uint8_t * other_public_key, - size_t other_public_key_length) - { -- dhm_context * handle = raw_handle; -+ API (dhm_context) * handle = raw_handle; - struct tr_dh_secret * ret; - size_t secret_key_length; - - assert (handle != NULL); - assert (other_public_key != NULL); - -- if (!check_result (dhm_read_public (handle, other_public_key, -- other_public_key_length))) -+ if (!check_result (API (dhm_read_public )(handle, other_public_key, -+ other_public_key_length))) - return NULL; - - ret = tr_dh_secret_new (handle->len); - - secret_key_length = handle->len; - --#if POLARSSL_VERSION_NUMBER >= 0x01030000 -- if (!check_result (dhm_calc_secret (handle, ret->key, -- &secret_key_length, my_rand, NULL))) -+#if API_VERSION_NUMBER >= 0x02000000 -+ if (!check_result (API (dhm_calc_secret) (handle, ret->key, secret_key_length, -+ &secret_key_length, my_rand, NULL))) -+#elif API_VERSION_NUMBER >= 0x01030000 -+ if (!check_result (API (dhm_calc_secret) (handle, ret->key, -+ &secret_key_length, my_rand, NULL))) - #else -- if (!check_result (dhm_calc_secret (handle, ret->key, &secret_key_length))) -+ if (!check_result (API (dhm_calc_secret) (handle, ret->key, &secret_key_length))) - #endif - { - tr_dh_secret_free (ret); -@@ -324,7 +344,7 @@ tr_rand_buffer (void * buffer, - assert (buffer != NULL); - - tr_lockLock (rng_lock); -- ret = check_result (ctr_drbg_random (get_rng (), buffer, length)); -+ ret = check_result (API (ctr_drbg_random) (get_rng (), buffer, length)); - tr_lockUnlock (rng_lock); - - return ret; --- -2.7.4 - diff --git a/net/transmission/patches/030-fix-port-test.patch b/net/transmission/patches/010-fix-port-test.patch similarity index 100% rename from net/transmission/patches/030-fix-port-test.patch rename to net/transmission/patches/010-fix-port-test.patch diff --git a/net/transmission/patches/020-fix-external-miniupnpc.patch b/net/transmission/patches/020-fix-external-miniupnpc.patch deleted file mode 100644 index 64a2fca34..000000000 --- a/net/transmission/patches/020-fix-external-miniupnpc.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 94fa0bba88740b9ab58c5805ddb24b05b2635f34 Mon Sep 17 00:00:00 2001 -From: Mike Gelfand -Date: Fri, 26 Jan 2018 08:31:16 +0300 -Subject: [PATCH] Fix FTCBFS due to AC_RUN_IFELSE (patch by Helmut Grohne) - -Fixes: #475 ---- - configure.ac | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index cb026df..335f4a7 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -390,14 +390,12 @@ dnl Let's hope it's 1.7 or higher, since it provides - dnl MINIUPNPC_API_VERSION and we won't have to figure - dnl it out on our own - if test "x$upnp_version" = "xunknown" ; then -- AC_RUN_IFELSE( -+ AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [#include - #include ], -- [#ifdef MINIUPNPC_API_VERSION -- return EXIT_SUCCESS; -- #else -- return EXIT_FAILURE; -+ [#ifndef MINIUPNPC_API_VERSION -+ #error MINIUPNPC_API_VERSION undefined - #endif] - )], - [upnp_version=">= 1.7"] --- -2.7.4 - diff --git a/net/transmission/patches/050-fix-safari.patch b/net/transmission/patches/020-fix-safari.patch similarity index 100% rename from net/transmission/patches/050-fix-safari.patch rename to net/transmission/patches/020-fix-safari.patch diff --git a/net/transmission/patches/030-fix-dht-memory-leak.patch b/net/transmission/patches/030-fix-dht-memory-leak.patch new file mode 100644 index 000000000..c584d3f49 --- /dev/null +++ b/net/transmission/patches/030-fix-dht-memory-leak.patch @@ -0,0 +1,31 @@ +From df03e037c69ebd74dd2db77d034b65980f0dc2d0 Mon Sep 17 00:00:00 2001 +From: Mike Gelfand +Date: Tue, 23 Jan 2018 21:20:30 +0300 +Subject: [PATCH] Fix memory leak in `tr_dhtInit` in failure condition + +Fixes: #482 +--- + libtransmission/tr-dht.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/libtransmission/tr-dht.c b/libtransmission/tr-dht.c +index 243429f64..df56542bc 100644 +--- a/libtransmission/tr-dht.c ++++ b/libtransmission/tr-dht.c +@@ -333,8 +333,11 @@ tr_dhtInit (tr_session *ss) + + return 1; + +- fail: +- tr_logAddNamedDbg ("DHT", "DHT initialization failed (errno = %d)", errno); ++fail: ++ tr_free(nodes6); ++ tr_free(nodes); ++ ++ tr_logAddNamedDbg("DHT", "DHT initialization failed (errno = %d)", errno); + session = NULL; + return -1; + } +-- +2.17.0 + diff --git a/net/transmission/patches/040-fix-curl.patch b/net/transmission/patches/040-fix-curl.patch new file mode 100644 index 000000000..00448507e --- /dev/null +++ b/net/transmission/patches/040-fix-curl.patch @@ -0,0 +1,29 @@ +From 4fa98f0b0b493ebbef616404dbc03ba5fe811997 Mon Sep 17 00:00:00 2001 +From: userwithuid +Date: Sun, 27 May 2018 12:47:15 -0700 +Subject: [PATCH] fix logic for setting the curl ca bundle file + +we do not want to delete the system default by setting this to NULL... +--- + libtransmission/web.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libtransmission/web.c b/libtransmission/web.c +index db349760b..997a151b5 100644 +--- a/libtransmission/web.c ++++ b/libtransmission/web.c +@@ -191,7 +191,10 @@ createEasy (tr_session * s, struct tr_web * web, struct tr_web_task * task) + #endif + if (web->curl_ssl_verify) + { +- curl_easy_setopt (e, CURLOPT_CAINFO, web->curl_ca_bundle); ++ if (web->curl_ca_bundle != NULL) ++ { ++ curl_easy_setopt (e, CURLOPT_CAINFO, web->curl_ca_bundle); ++ } + } + else + { +-- +2.17.0 + diff --git a/net/transmission/patches/040-https-portcheck.patch b/net/transmission/patches/050-https-portcheck.patch similarity index 79% rename from net/transmission/patches/040-https-portcheck.patch rename to net/transmission/patches/050-https-portcheck.patch index 99222d279..73a6c1d56 100644 --- a/net/transmission/patches/040-https-portcheck.patch +++ b/net/transmission/patches/050-https-portcheck.patch @@ -1,9 +1,9 @@ -From 6de0a3d7a3cd0b2ca6d1b33b5d4d7f44908c1ac3 Mon Sep 17 00:00:00 2001 +From a2991e22434352a3114bf437674070a135b723fd Mon Sep 17 00:00:00 2001 From: Rosen Penev -Date: Thu, 1 Mar 2018 11:21:43 -0800 -Subject: [PATCH] portcheck: Switch to HTTPS. +Date: Sun, 27 May 2018 13:38:27 -0700 +Subject: [PATCH] portcheck: Switch to HTTPS -Useful for OpenWrt. +Useful for testing TLS verification. --- libtransmission/rpcimpl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -22,5 +22,5 @@ index 46fd3192c..dcd96df59 100644 tr_free (url); return NULL; -- -2.14.3 +2.17.0 diff --git a/net/transmission/patches/060-fix-tls-verify.patch b/net/transmission/patches/060-fix-tls-verify.patch new file mode 100644 index 000000000..1a9a1207b --- /dev/null +++ b/net/transmission/patches/060-fix-tls-verify.patch @@ -0,0 +1,28 @@ +From 81d584b9027b2b2ddd3209c1582c9ec73c26cc3e Mon Sep 17 00:00:00 2001 +From: Simon Wells +Date: Sun, 27 May 2018 13:44:41 -0700 +Subject: [PATCH] Change TR_CURL_SSL_VERIFY to TR_CURL_SSL_NO_VERIFY + +use secure by default and change the env var to match curl -k behaviour + +Closes: #179 +--- + libtransmission/web.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libtransmission/web.c b/libtransmission/web.c +index 997a151b5..ce41e342a 100644 +--- a/libtransmission/web.c ++++ b/libtransmission/web.c +@@ -392,7 +392,7 @@ tr_webThreadFunc (void * vsession) + web->taskLock = tr_lockNew (); + web->tasks = NULL; + web->curl_verbose = tr_env_key_exists ("TR_CURL_VERBOSE"); +- web->curl_ssl_verify = tr_env_key_exists ("TR_CURL_SSL_VERIFY"); ++ web->curl_ssl_verify = !tr_env_key_exists ("TR_CURL_SSL_NO_VERIFY"); + web->curl_ca_bundle = tr_env_get_string ("CURL_CA_BUNDLE", NULL); + if (web->curl_ssl_verify) + { +-- +2.17.0 +